
I'm having a problem with Tomcat:

On a clean install, connecting to [ip-address]:8080 times out.

I have seen many similar questions and tried basically everything there, with no success. But here is all my data related to similar problems:

Version: Tomcat 7

Linux: Ubuntu

`iptables -L` output:

```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

`netstat -nat | grep :8080` output:

```
tcp6       0      0 :::8080                 :::*                    LISTEN
```

`telnet localhost 8080` output:

```
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
```

`telnet [ip-address] 8080` output:

```
Trying [ip-address]... (this seems to go on forever)
```

I feel like I must be missing something incredibly obvious, as I have not added any WARs or made any modifications to the server except installing Java and Tomcat. Below is my server.xml (comments removed):

```xml
<?xml version='1.0' encoding='utf-8'?>

<Server port="8005" shutdown="SHUTDOWN">

  <Listener className="org.apache.catalina.core.JasperListener" />

  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>

    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="8443" address="0.0.0.0"  />

    <Engine name="Catalina" defaultHost="localhost">

      <Realm className="org.apache.catalina.realm.LockOutRealm">

        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>
```
Jeremy Barnes
  • Is there a network firewall in the way? Are you using a VPS or something? – Falcon Momot Aug 26 '15 at 04:05
  • Are you connecting to the server's IPv4 or IPv6 address? Your `netstat` output does not indicate that it's listening to 8080 on a v4 address. – EEAA Aug 26 '15 at 04:05
  • Tomcat is binding to IPv6. Take a look at this previous question and answers, it may help. http://serverfault.com/questions/390840/how-does-one-get-tomcat-to-bind-to-ipv4-address – Gene Aug 26 '15 at 04:06
  • Kudos for the extensive collection of diagnostic info. At this stage, I'd break out `tcpdump` to make sure that traffic is flowing where it should be flowing, and also look at the `netstat -atn` output to see what state the connection is in, exactly. SYN_SENT vs SYN_ACK might be instructive. – womble Aug 26 '15 at 04:06
  • @Gene Unless it's binding with v6only, it'll work fine on IPv4 connections using v4-mapped addresses. Also, if it were connecting to an unbound address, you'd see ECONNREFUSED immediately rather than the connection hang. – womble Aug 26 '15 at 04:07
  • @FalconMomot I am on a VPS (Amazon EC2 instance). There does not appear to be a firewall (see the iptables output) – Jeremy Barnes Aug 26 '15 at 04:09
  • @Gene I have been connecting to the IPv4 (but also using the Amazon supplied DNS lookup). I'll try that solution and edit my question accordingly. – Jeremy Barnes Aug 26 '15 at 04:10
  • @womble hey thanks. I try to only ask quality questions when possible. – Jeremy Barnes Aug 26 '15 at 04:18
  • @womble, thank you, I was not aware of that. I haven't done much with IPv6 (we disable it). Guess I'll have to get out some reading material. :) – Gene Aug 26 '15 at 06:43

1 Answer


Since you are on Amazon EC2, and it's working local to the instance but not to its IP address, check your host's network ACL (i.e. security group). The wizard guides you to set up a very restrictive policy, and if you try to do something like open up HTTP to the world, it will just open inbound port 80.

Falcon Momot
  • This was it! I knew when I set up those rules they would come back to bite me. I had totally forgotten about them. Thanks! (I will, of course, mark yours as "answer" in 4 minutes). – Jeremy Barnes Aug 26 '15 at 04:13
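
The check the answer describes can be run against the security group itself rather than inferred from a hanging `telnet`. The following is an added example, not part of the original answer: it evaluates the ingress rules in JSON shaped like the output of `aws ec2 describe-security-groups` and reports whether a given TCP port is reachable from a given source address. The sample group, its `sg-EXAMPLE` id, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output:
# a wizard-style group that admits SSH from one range and HTTP (port 80) from anywhere.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
]}]}
""")


def rule_matches(perm, port, source):
    """True if one IpPermissions entry admits TCP `port` from address `source`."""
    # Only CIDR-based rules are evaluated; rules that reference other
    # security groups or prefix lists are ignored in this example.
    proto = perm.get("IpProtocol")
    if proto == "tcp":
        if not perm["FromPort"] <= port <= perm["ToPort"]:
            return False
    elif proto != "-1":  # "-1" means all protocols and all ports
        return False
    addr = ipaddress.ip_address(source)
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr)
        if net.version == addr.version and addr in net:
            return True
    return False


def inbound_allowed(groups, port, source):
    """Return the GroupIds whose ingress rules admit TCP `port` from `source`."""
    return [g["GroupId"] for g in groups["SecurityGroups"]
            if any(rule_matches(p, port, source) for p in g.get("IpPermissions", []))]


if __name__ == "__main__":
    for port in (80, 8080):
        hits = inbound_allowed(SAMPLE, port, "198.51.100.7")
        print(port, "allowed by" if hits else "not allowed by any group", hits)
```

An empty result for port 8080 alongside a match for port 80 is the situation in this question: the instance listens on 8080, but no ingress rule admits traffic to it.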